Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
597
Views
5
Helpful
4
Replies

Can VPN Concentrator act as a routing gateway?

netcraftjason
Level 1
Level 1

‎05-28-2008 12:05 AM - edited ‎02-21-2020 03:44 PM

Hi All,

I have a VPN 3005 behind a Cisco 1841 router. The Cisco 1841 is holding an internet connection. Now the VPN 3005 is acting as a VPN endpoint for internet Remote VPN coming in. And behind the "Private" interface of the VPN3005 there is a LAN(e.g. 10.0.0.0/24).

I would like to ask can this VPN3005 route traffic from Private(10.0.0.0/24) to Cisco 1841? Because I intend to let the 10.0.0.0/24 access internet without establishing a VPN tunnel to VPN3005's "Private" interface.

Anyone know?

Thanks!!!

Jason

Labels:
0 Helpful
4 Replies 4

netcraftjason
Level 1
Level 1

‎05-28-2008 04:57 PM

Anyone can help me?

Best Regards,

Jason

0 Helpful

srue
Level 7
Level 7
In response to netcraftjason

‎05-29-2008 10:46 AM

yes it can. it might be a pain to set up, and it will decrease the overall security posture of the device itself. also, since the 3005 only does software encryption, the appliance will then be even more taxed. if you post a network diagram, maybe we can make other suggestions to integrate it into your network.

Richard Burts
Hall of Fame
Hall of Fame
In response to srue

‎05-29-2008 06:30 PM

Jason

I have a customer who has been doing this. They have a LAN inside which goes through a VPN concentrator to get to a firewall and an Internet connection. It was in place when I started working with them so I can not speak to how difficult it is to set up. But it does not look like it was difficult.

HTH

Rick

HTH

Rick
0 Helpful

netcraftjason
Level 1
Level 1

‎05-29-2008 08:27 PM

Hi All,

Many thanks for your help!

I'm just to confirm if the VPN Concentrator can act as a routing gatway. The background of my question is based on a production environment. In this environment, there is having traffic only of incoming VPN connections(Remote access VPNs start from users on Internet). No outgoing traffic is passing through ASA--> VPN Concentrator --> Cisco 1841. (ASA is the gateway of the local LAN segment).

But in the future, two new zones will be created on ASA. One is for one part of user to go to internet. Another one is for third-party company on internet to get data. LAN to LAN VPN will be created between this third-party company's PIX506E and VPN Concentrator of my site.

Now I confirm that the VPN Concentrator can route traffic. So I think I can add these 2 new zones based on the existing production infrustructure.

Attached is the draft diagram for this case. Because this production network cannot be changed except adding new zones on ASA. So is it acceptable of my concept of adding those new zones on ASA?

Thanks!!!

Jason

Preview file
137 KB
0 Helpful
Customers Also Viewed These Support Documents